[cabfpub] CAA (was RE: Domain Control Validation)

Chris Palmer palmer at google.com
Mon Aug 25 20:25:21 UTC 2014


On Mon, Aug 25, 2014 at 1:19 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

> Ben W. said, “if the CA gives the applicant a code that they need to put in
> the TXT record, and that happens,” and
>
> Ryan S. replied, “I think a CA-generated code with the DNS admin placing it
> is equivalent to mechanisms 1-6 for control demonstration purposes”.
>
> I think we ought to allow this as another method of confirming domain
> control for purposes of EV.

You'd want to also specify time-limits, one-time-use, and
non-replayability for the token.
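
One way a CA could enforce the three properties named in the reply above for a code placed in a TXT record, shown as an added example that is not part of the original message or of any CA's actual implementation. `ChallengeStore`, `TOKEN_TTL`, the one-hour window and the order identifier are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed validity window in seconds (constructed value)


class ChallengeStore:
    """CA-side record of outstanding DNS TXT challenges (hypothetical design)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # sha256(token) -> (domain, order_id, expires_at); only the hash is
        # stored, so a leak of this table does not reveal live tokens.
        self._pending = {}

    def issue(self, domain, order_id):
        """Create a fresh random token bound to one domain and one order."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        expires_at = self._clock() + TOKEN_TTL
        self._pending[digest] = (domain.lower(), order_id, expires_at)
        return token

    def redeem(self, domain, order_id, txt_values):
        """Return True at most once if a TXT value is this order's live token."""
        now = self._clock()
        for value in txt_values:
            digest = hashlib.sha256(value.encode()).hexdigest()
            record = self._pending.get(digest)
            if record is None:
                continue  # unknown token, or one that was already consumed
            bound_domain, bound_order, expires_at = record
            if now > expires_at:
                del self._pending[digest]  # time limit: expired tokens are dropped
                continue
            if bound_domain != domain.lower() or bound_order != order_id:
                continue  # non-replayable: counts only for its own domain and order
            del self._pending[digest]  # one-time use: consumed on success
            return True
        return False
```

`txt_values` is the list of TXT strings the CA itself resolved for the domain; the DNS lookup is left out so the block runs offline.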


